Advertisement

Alvaro Bedoya of the Georgetown University Law Centre in Washington DC says this happened in the face of complete inflexibility from industry players when trying to agree on correct conduct in the simple, hypothetical case above.

Bedoya and other privacy advocates thought the answer was obviously no, but the tech companies disagreed. “We asked if we can agree on this edge case, but not a single company would support it,” he says.

End of anonymity

The lack of consensus means face recognition is moving into creepy territory. One example is California-based company Face First, which is rolling out a system for retailers that it says will “boost sales by recognising high-value customers each time they shop” and send “alerts when known litigious individuals enter any of your locations”.

“What facial recognition allows is a world without anonymity,” says Bedoya. “You walk into a car dealership and the salesman knows your name and how much you make. That’s not a world I want to live in.”

Another company, called Churchix is marketing facial recognition systems for churches. Once the faces of a church’s membership have been added to a database, the system tracks their attendance automatically. It also claims to be able to discern demographic data about the entire congregation, including age and gender.

“Companies are already marketing products that will let a stranger point a camera at you and identify you by name and by your dating profile,” says Bedoya. “I think most reasonable people would find this appalling.”

Two-faced

Online technology companies that use facial recognition have had to think about their own policies for it. Google and Microsoft are known for having the best policies, requiring users to explicitly opt-in. In Microsoft’s case, your facial profile never leaves your device – for example, your Xbox.

But that did not translate into pushing for the same practices to become standard in the meetings.

“Microsoft takes an opt-in approach to facial recognition and we would encourage other companies to do the same,” a spokesperson for the company told New Scientist. “We believe the stakeholder process is important and that is why we are participating. Should there be a consensus that an opt-in approach be adopted, that is something that we could support.”

But no such consensus was reached.

Facing the music

While negotiating rules for face recognition has failed for now, Ben Sobel, also of Georgetown, points out that the US states of Illinois and Texas, which comprise an eighth of the country’s population, already have privacy laws that govern the collection and processing of biometric data like faces.

Facebook is being sued in Illinois, where it is alleged that the social network’s face recognition system violates the state’s laws. Sobel and Bedoya suggest that state by state may be the best way to make progress in ensuring privacy from face recognition technology.

Why don’t the technology companies take these threats seriously? Jennifer Lynch of the Electronic Frontier Foundation, a privacy advocacy group based in San Francisco, says it’s because doing so would constrain what they can do with the technology in future.

Deeper discussion

“We’ve seen this from the birth of commerce on the internet – companies collect as much data as they possibly can on people, because of the possibility that it might be useful,” says Lynch. “We discourage companies from doing that because it means all of that data is available for the government to come asking.”

“This is just the beginning of a very important conversation,” says Kate Crawford of Microsoft Research. “Facial recognition is one of many remote biometric sensing technologies. There’s also gait detection, iris scanning, heartbeat recognition and many others. We need a deeper discussion of the social and ethical implications of these capacities as well as who gets to use them, where and how.”